jguy07
asked on
Help Adding 2nd Sub-Interface For VPN (Cisco 2500 series)
I'm no Cisco guru, but I've been assigned with the task of setting up a sub-interface for our VPN. Here's some information:
Need a sub interface
DLCI 101
My interface (the sub) needs IP of 10.129.2.58 (this is ISP's private network in case you are wondering)
I need to add an IP route to 10.128.0.0
With all this in mind, could someone please "baby step" a novice through this? I'll dump all my points (that I have left) for this one.
I have MANY sub interfaces already installed on this router, so I can NOT loose their config while doing this, if so........I'll have to look for another place of employment since they connect to all of our branch offices!! LOL Here's my config:
User Access Verification
Using 3839 out of 32762 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Tuscaloosa
!
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip name-server 207.230.75.34
ip name-server 207.230.75.50
ip name-server 10.0.0.2
!
!
!
!
interface Ethernet0
ip address 10.0.0.12 255.255.255.0
ip directed-broadcast
ip nat inside
bridge-group 1
!
interface Serial0
bandwidth 512
no ip address
no ip directed-broadcast
encapsulation frame-relay
fair-queue 64 256 0
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
description connected to Decatur
ip address 192.168.100.1 255.255.255.252
no ip directed-broadcast
ip nat inside
frame-relay interface-dlci 200
bridge-group 1
!
interface Serial0.2 point-to-point
description connected to MtVernon
ip address 192.168.100.5 255.255.255.252
no ip directed-broadcast
ip nat inside
frame-relay interface-dlci 300
bridge-group 1
!
interface Serial0.3 point-to-point
description connected to Mobile
ip address 192.168.100.9 255.255.255.252
no ip directed-broadcast
ip nat inside
frame-relay interface-dlci 400
bridge-group 1
!
interface Serial0.4 point-to-point
description connected to Montgomery
ip address 192.168.100.13 255.255.255.252
no ip directed-broadcast
ip nat inside
frame-relay interface-dlci 601
bridge-group 1
!
interface Serial1
no ip address
no ip directed-broadcast
encapsulation frame-relay IETF
frame-relay lmi-type ansi
!
interface Serial1.1 point-to-point
description Connected to Internet
ip address 10.22.4.130 255.255.255.252
no ip directed-broadcast
ip nat outside
frame-relay interface-dlci 100
!
router rip
version 2
passive-interface Serial1.1
network 10.0.0.0
network 192.168.100.0
no auto-summary
!
ip nat pool Tuscaloosa-natpool-41600 209.16.241.33 209.16.241.46 netmask 255.255
.255.240
ip nat inside source list 1 pool Tuscaloosa-natpool-41600 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1.1
ip route 10.0.0.0 255.255.255.0 Ethernet0
ip route 192.168.2.0 255.255.255.0 192.168.100.2
ip route 192.168.3.0 255.255.255.0 192.168.100.6
ip route 192.168.4.0 255.255.255.0 192.168.100.10
ip route 192.168.6.0 255.255.255.0 192.168.100.14
no ip http server
!
access-list 1 permit 192.168.100.0 0.0.0.3
access-list 1 permit 192.168.100.4 0.0.0.3
access-list 1 permit 192.168.100.8 0.0.0.3
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.100.12 0.0.0.3
access-list 1 permit 192.168.6.0 0.0.0.255
snmp-server engineID local 00000009020000D058AD278D
snmp-server community public RO
bridge 1 protocol ieee
!
line con 0
transport input none
line aux 0
line vty 0 4
password 7 1108140D1407
login
!
end
With this config, would I be right in assuming that I need to build another sub interface called Serial 0.5 with a description of "Connected to VPN"????
Please advise.
thanks!!
Need a sub interface
DLCI 101
My interface (the sub) needs IP of 10.129.2.58 (this is ISP's private network in case you are wondering)
I need to add an IP route to 10.128.0.0
With all this in mind, could someone please "baby step" a novice through this? I'll dump all my points (that I have left) for this one.
I have MANY sub interfaces already installed on this router, so I can NOT loose their config while doing this, if so........I'll have to look for another place of employment since they connect to all of our branch offices!! LOL Here's my config:
User Access Verification
Using 3839 out of 32762 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Tuscaloosa
!
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip name-server 207.230.75.34
ip name-server 207.230.75.50
ip name-server 10.0.0.2
!
!
!
!
interface Ethernet0
ip address 10.0.0.12 255.255.255.0
ip directed-broadcast
ip nat inside
bridge-group 1
!
interface Serial0
bandwidth 512
no ip address
no ip directed-broadcast
encapsulation frame-relay
fair-queue 64 256 0
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
description connected to Decatur
ip address 192.168.100.1 255.255.255.252
no ip directed-broadcast
ip nat inside
frame-relay interface-dlci 200
bridge-group 1
!
interface Serial0.2 point-to-point
description connected to MtVernon
ip address 192.168.100.5 255.255.255.252
no ip directed-broadcast
ip nat inside
frame-relay interface-dlci 300
bridge-group 1
!
interface Serial0.3 point-to-point
description connected to Mobile
ip address 192.168.100.9 255.255.255.252
no ip directed-broadcast
ip nat inside
frame-relay interface-dlci 400
bridge-group 1
!
interface Serial0.4 point-to-point
description connected to Montgomery
ip address 192.168.100.13 255.255.255.252
no ip directed-broadcast
ip nat inside
frame-relay interface-dlci 601
bridge-group 1
!
interface Serial1
no ip address
no ip directed-broadcast
encapsulation frame-relay IETF
frame-relay lmi-type ansi
!
interface Serial1.1 point-to-point
description Connected to Internet
ip address 10.22.4.130 255.255.255.252
no ip directed-broadcast
ip nat outside
frame-relay interface-dlci 100
!
router rip
version 2
passive-interface Serial1.1
network 10.0.0.0
network 192.168.100.0
no auto-summary
!
ip nat pool Tuscaloosa-natpool-41600 209.16.241.33 209.16.241.46 netmask 255.255
.255.240
ip nat inside source list 1 pool Tuscaloosa-natpool-41600 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1.1
ip route 10.0.0.0 255.255.255.0 Ethernet0
ip route 192.168.2.0 255.255.255.0 192.168.100.2
ip route 192.168.3.0 255.255.255.0 192.168.100.6
ip route 192.168.4.0 255.255.255.0 192.168.100.10
ip route 192.168.6.0 255.255.255.0 192.168.100.14
no ip http server
!
access-list 1 permit 192.168.100.0 0.0.0.3
access-list 1 permit 192.168.100.4 0.0.0.3
access-list 1 permit 192.168.100.8 0.0.0.3
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.100.12 0.0.0.3
access-list 1 permit 192.168.6.0 0.0.0.255
snmp-server engineID local 00000009020000D058AD278D
snmp-server community public RO
bridge 1 protocol ieee
!
line con 0
transport input none
line aux 0
line vty 0 4
password 7 1108140D1407
login
!
end
With this config, would I be right in assuming that I need to build another sub interface called Serial 0.5 with a description of "Connected to VPN"????
Please advise.
thanks!!
ASKER
PS: My subnet mask for the config is:255.255.255.252
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER